Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
Upgrade pbkdf2 to version 3.1.3 or higher.
Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers via the pbkdf2Sync method. An attacker can obtain predictable or uninitialized memory as a cryptographic key when key derivation is used with unsupported or non-normalized algorithm names, potentially compromising the security of derived keys in affected environments.
Updating to a fixed version isn't sufficient if PBKDF2 was used directly or via a bundling package with algorithm arguments outside the specified list. Verify where those keys are stored, how they are used, and take necessary actions like rotation or replacement.
Note: The full list of arguments that were not affected is:
md5
sha1
sha224
sha256
sha384
sha512
rmd160
ripemd160
Any other arguments, e.g., representation variations of the above ones like SHA-1/sha-256/SHA512 or different algos like sha3-512/blake2b512, while supported, will return predictable output.
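An added example (not Snyk's or the pbkdf2 project's code) of one way to find call sites for the key review recommended above: it flags pbkdf2/pbkdf2Sync calls whose digest argument is a string literal outside the unaffected list, or is not a literal at all and needs manual review. The sample source and its identifiers are constructed, and the scan is name-based, so it does not tell you whether a call resolves to the pbkdf2 package or to Node's built-in crypto.

```javascript
// Added example, not from the advisory. Exact, case-sensitive match: 'SHA-1' and 'SHA512' are affected.
const UNAFFECTED = new Set(['md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'rmd160', 'ripemd160']);
const isUnaffectedDigest = (name) => typeof name === 'string' && UNAFFECTED.has(name);
// Split a call's top-level arguments, starting just after '(' (tracks nesting and quotes).
function splitArgs(src, start) {
  let args = [], depth = 0, quote = null, cur = '';
  for (let i = start; i < src.length; i++) {
    const c = src[i];
    if (quote) {
      cur += c === '\\' ? c + (src[++i] ?? '') : c;
      if (c === quote) quote = null;
    } else if (c === '"' || c === "'" || c === '`') {
      quote = c; cur += c;
    } else if (c === ')' && depth === 0) {
      args.push(cur.trim()); return args;
    } else if (c === ',' && depth === 0) {
      args.push(cur.trim()); cur = '';
    } else {
      depth += '([{'.includes(c) ? 1 : ')]}'.includes(c) ? -1 : 0;
      cur += c;
    }
  }
  return null; // unbalanced call, e.g. truncated source
}

// Report calls whose 5th argument (digest) is an affected literal or not a literal at all.
function auditSource(source) {
  const findings = [];
  const callRe = /\bpbkdf2(?:Sync)?\s*\(/g;
  for (let m; (m = callRe.exec(source)) !== null;) {
    const digest = (splitArgs(source, callRe.lastIndex) || [])[4];
    if (!digest) continue; // digest omitted
    const line = source.slice(0, m.index).split('\n').length;
    const lit = /^(['"`])([^'"`$]*)\1$/.exec(digest);
    const isCallback = /^(async\s+)?(function\b|\([^)]*\)\s*=>|[\w$]+\s*=>)/.test(digest);
    if (lit && !isUnaffectedDigest(lit[2])) findings.push({ line, kind: 'affected-literal', digest: lit[2] });
    else if (!lit && !isCallback) findings.push({ line, kind: 'review-dynamic', digest });
  }
  return findings;
}
// Constructed sample input; pw, salt, algo and done are hypothetical names.
const SAMPLE = [
  "const k1 = pbkdf2Sync('secret', 'salt', 100000, 64, 'sha512')",
  "const k2 = pbkdf2Sync('secret', 'salt', 100000, 64, 'SHA512')",
  "const k3 = pbkdf2Sync(pw, Buffer.from(salt, 'hex'), 100000, 32, 'sha3-256')",
  "const k4 = pbkdf2Sync(pw, salt, 100000, 64, algo)",
  "pbkdf2(pw, salt, 100000, 32, (err, key) => done(key))",
].join('\n');
console.log(auditSource(SAMPLE));
```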
This issue was introduced via this commit.
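// Compare Node's built-in crypto with the pbkdf2 browser polyfill.
const node = require('crypto')
const polyfill = require('pbkdf2/browser')

// Digest names outside the unaffected list: case/format variants and other algorithms.
const algos = [
  'sha3-512', 'sha3-256', 'SHA3-384',
  'Sha256', 'Sha512', 'sha512-256',
  'SHA1', 'sha-1',
  'blake2b512',
  'RMD160', 'RIPEMD-160', 'ripemd-160',
]

// Print the key each implementation derives from the same inputs.
for (const algo of algos) {
  for (const { pbkdf2Sync } of [node, polyfill]) {
    const key = pbkdf2Sync('secret', 'salt', 100000, 64, algo)
    console.log(`${algo}: ${key.toString('hex')}`);
  }
}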